Technology Assessment: Methods for Measuring the Level of Computer Security

Author(s)

Abstract

This technology assessment constitutes a summary and assessment of methods for measuring the level of computer security in computer applications, systems, and installations. The initial draft report for this document was produced in June 1981 for the National Bureau of Standards (NBS) by the System Development Corporation (SDC) as part of the NBS Computer Security and Risk Management Standards Program. The intent of that report was to provide a comprehensive assessment of the state of the art and to provide a suitable basis for producing a Federal Information Processing Standards Publication (FIPS PUB) guideline on computer security, certification, and accreditation. The FIPS PUB guideline was subsequently developed and issued as FIPS PUB 102 on September 27, 1983 and titled "Guidelines for Computer Security Certification and Accreditation" [FIP102]. This technology assessment is now being issued as a companion foundation document to FIPS PUB 102. The initial draft report has been brought up to date by changing some methodology discussions, adding a few methodologies, referencing relevant documents that appeared in the interim, and modifying the text where appropriate.
